I have ssh access (with admin) to this firewall and so I can change rules.
It works perfectly. Is it enough in security?
In my config, what is the best way: use chroot or systrace? (for pf use in ssh environment)
Thanks

Last edited by milo974; 2nd July 2008 at 12:56 PM.
Reason: more precision

Then you may have used chmod(1) or chown(8), or both, in order to provide rw access to /dev/pf. It is filemode 600 and owned by wheel:root in the default install.

Quote:

....is it enough in security?

It depends what you mean by the word security. We don't know what you mean by the word, or what else you've done, or what you intend.

For example, if you allow password authentication, and SSH access is exposed to the Internet, then I would consider your solution insecure. Others might think strong passwords are sufficient. Still more might recommend using a non-default port number. I wouldn't. But then, I don't know what you mean by "security."

Quote:

In my config, what is the best way: use chroot or systrace?

I don't see how either would apply to shell commands.

First, ask yourself, "What is it I wish to accomplish?" Once you have the answer, then you can search for a technical solution, and ask for advice or best practice. Don't start with technical tools, and ask if they apply to an ill-defined solution.

The ssh access is exposed to the Internet, and uses password authentication.
Root can't connect to ssh access.
The admin account is restricted: it can't use the su command; it can only use sudo vi /etc/pf.conf or sudo pfctl -f /etc/pf.conf.
Is my system a colander, in security terms?

What I wish is, when admin is connected, to change the system root (chroot) and have access to modify pf.conf and reload it. How can I do that?

Last edited by milo974; 2nd July 2008 at 06:37 PM.
Reason: more precision

How strong is your "admin" password? Any 8-character password can be broken by brute-force in a matter of days; if a dictionary attack is used and the password contains words or word fragments, it can be broken in a weekend. That's not good.

OpenBSD supports many authentication technologies (see login.conf(5) for most), including Kerberos and physical token systems. For simplicity with SSH, I happen to like public key authentication when keys can be stored remotely, and S/Key one-time-use passphrases when they can't (see skey(1) and related man pages).

Sudo limitations

You are allowing vi(1) to be executed as root. Once in the editor, the "admin" user can request a shell, and they will then have a root shell without restriction and without audit history.

If you are trying to limit what "admin" can do, you must only permit the execution of programs that do not allow shell escapes.

------------------------------------------------------

If you are "admin" and you are trying to limit damage should someone acquire the password .... your best solution is to not use passwords, or not use them alone.

Current commercial best practice is to require binary authentication -- two different things:

The admin account is restricted: it can't use the su command; it can only use sudo vi /etc/pf.conf or sudo pfctl -f /etc/pf.conf.

While sudo(8) provides finer access granularity, the reason you are unable to use su(1) is most likely due to the account lacking membership in the wheel group. For more information, see Section 10.1 of the FAQ: